==Phrack Inc.==
Volume Two, Issue 24, File 13 of 13
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN P h r a c k W o r l d N e w s PWN
PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN
PWN Issue XXIV/Part 3 PWN
PWN PWN
PWN February 25, 1989 PWN
PWN PWN
PWN Created, Written, and Edited PWN
PWN by Knight Lightning PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
The Judas Contract Fulfilled! January 24, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"...the other thing that made me mad was that I consider myself, at
least I used to consider myself, a person who was pretty careful
about who I trust, basically nobody had my home number, and few
people even knew where I really lived..."
-The Disk Jockey
The following story, as told by The Disk Jockey, is a prime example of the
dangers that exist in the phreak/hack community when sharing trust with those
who have made The Judas Contract.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Let me briefly explain how I got caught...
A hacker named Compaq was busted after someone turned him in for using Sprint
codes. While executing the search warrant, the state police noticed that he
had an excessive amount of computer equipment which had origins that Compaq
could not explain.
After checking around (I imagine checking serial numbers that Compaq had not
removed), the police found that the equipment was obtained illegally. Compaq
then proceeded to tell the police that I, Doug Nelson (as he thought my name
was) had brought them to him (true).
Meanwhile, Compaq was talking to me and he told me that he was keeping his
mouth shut the entire time. Keep in mind that I had been talking to this guy
for quite a long time previously and thought that I knew him quite well. I
felt that I was quite a preceptive person.
As time went by, little did I know, Compaq was having meetings again and again
with the state police as well as the Federal Bureau of Investigation (FBI)
concerning finding out who I was. He gave them a complete description of me,
and where I (correctly) went to school, but again, he was SURE my name was
Douglas Nelson, and since my phone had previously been in that name, he felt
assured that he was correct. The Police checked with Illinois and couldn't
find license plates or a driver's license in that name. He had remembered
seeing Illinois license plates on my car.
They were stuck until Compaq had a wonderful: He and I had went out to dinner
and over the course of conversation, I mentioned something about living in
Bloomfield Hills, Michigan.
After telling the state police this information, they wrote to Bloomfield Hills
and gave a description and asked for any pictures in their files that fit that
description.
The problem was that several years ago, some friends and I were arrested for
joyriding in a friend's snowmobile while he was on vacation. The neighbors
didn't know us and called the police. Charges were dropped, but our prints and
pictures were on file.
Bloomfield Hills sent back 12 pictures, which, according to the police report,
"Kent L. Gormat (Compaq) without hesitation identified picture 3 as the
individual he knows as Douglas Nelson. This individuals name was in fact
Douglas..."
A warrant was issued for me and served shortly afterwards by state, local and
federal authorities at 1:47 AM on June 27, 1988.
Lucky me to have such a great pal. In the 6 months that I was in prison, my
parents lived 400 miles away and couldn't visit me, my girlfriend could come
visit me once a month at best, since she was so far away, and Compaq, who lived
a whole 10 miles away, never came to see me once. This made me rather angry as
I figured this "friend" had a lot of explaining to do.
As you can see I am out of prison now, but I will be on probation until
December 15, 1989.
-The Disk Jockey
_______________________________________________________________________________
Bogus Frequent Flyer Scheme February 13, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~
>From Associated Press
An airline ticket agent piled up 1.7 million bonus air miles via computer
without leaving the ground, then sold the credits for more than $20,000,
according to a published report.
Ralf Kwaschni, age 28, was arrested Sunday when he arrived for work at Kennedy
International Airport and was charged with computer tampering and grand
larceny, authorities said.
Kwaschni, a ticket agent for Lufthansa Airlines, used to work for American
Airlines. Police said he used his computer access code to create 18 fake
American Airline Advantage Accounts - racking up 1.7 million bonus air miles,
according to the newspaper.
All 18 accounts, five in Kwaschni's name and 13 under fake ones, listed the
same post office box, according to the newspaper.
Instead of exchanging the bonus miles for all the free travel, Kwaschni sold
some of them for $22,500 to brokers, who used the credits to get a couple of
first class, round trip tickets from New York to Australia, two more between
London and Bermuda, and one between New York and Paris. It is legal to sell
personal bonus miles to brokers Port Authority Detective Charles Schmidt said.
Kwaschni would create accounts under common last names. When a person with one
of the names was aboard an American flight and did not have an Advantage
account, the passengers name would be eliminated from the flight list and
replaced with one from the fake accounts.
"As the plane was pulling away from the gate, this guy was literally wiping out
passengers," Schmidt said.
_______________________________________________________________________________
Massive Counterfeit ATM Card Scheme Foiled February 11, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Douglas Frantz (Los Angeles Times)
The U.S. Secret Service foiled a scheme to use more than 7,700 counterfeit ATM
cards to obtain cash from Bank of America automated tellers. After a
month-long investigation with an informant, five people were arrested and
charged with violating federal fraud statutes.
"Seized in the raid were 1,884 completed counterfeit cards, 4,900 partially
completed cards, and a machine to encode the cards with Bank Of America account
information, including highly secret personal identification numbers for
customers."
The alleged mastermind, Mark Koenig, is a computer programmer for Applied
Communications, Inc. of Omaha, a subsidiary of U.S. West. He was temporarily
working under contract for a subsidiary of GTE Corporation, which handles the
company's 286 ATMs at stores in California. Koenig had access to account
information for cards used at the GTE ATMs. According to a taped conversation,
Koenig said he had transferred the BofA account information to his home
computer. He took only Bank Of America information "to make it look like an
inside job" at the bank. The encoding machine was from his office.
Koenig and confederates planned to spread out across the country over six days
around the President's Day weekend, and withdraw cash. They were to wear
disguises because some ATMs have hidden cameras. Three "test" cards had been
used successfully, but only a small amount was taken in the tests, according to
the Secret Service.
The prosecuting US attorney estimated that losses to the bank would have been
between $7 and $14 million. Bank Of America has sent letters to 7,000
customers explaining that they will receive new cards.
_______________________________________________________________________________
STARLINK - An Alternative To PC Pursuit January 24, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STARLINK is an alternative to PC Pursuit. You can call 91 cities in 28 states
during off-peak hours (7pm-6am and all weekend) for $1.50 per hour. All
connections through the Tymnet network are 2400 bps (1200 bps works too) with
no surcharge and there are no maximum hours or other limitations.
There is a one time charge of $50 to signup and a $10 per month account
maintenance fee. High volume users may elect to pay a $25 per month
maintenance fee and $1.00 per hour charge.
The service is operated by Galaxy Telecomm in Virginia Beach, VA and users may
sign up for the service by modem at 804-495-INFO. You will get 30 minutes free
access time after signing up.
This is a service of Galaxy and not TYMNET. Galaxy buys large blocks of hours
from TYMNET. To find out what your local access number is you can call TYMNET
at (800) 336-0149 24 hours per day. Don't ask them questions about rates,
etc., as they don't know. Call Galaxy instead.
Galaxy says they will soon have their own 800 number for signups and
information.
The following is a listing of the major cities covered. There are others that
are a local call from the ones listed.
Eastern Time Zone
Connecticut: Bloomfield Hartford Stamford
Florida: Fort Lauderdale Jacksonville Longwood Miami Orlando Tampa
Georgia: Atlanta Doraville Marietta Norcross
Indiana: Indianapolis
Maryland: Baltimore
Massachusetts: Boston Cambridge
New Jersey: Camden Englewood Cliffs Newark Pennsauken Princeton South
Brunswick
New York: Albany Buffalo Melville New York Pittsford Rochester
White Plains
North Carolina: Charlotte
Ohio: Akron Cincinnati Cleveland Columbus Dayton
Pennsylvania: Philadelphia Pittsburgh
Rhode Island: Providence
Virginia: Alexandria Arlington Fairfax Midlothian Norfolk Portsmouth
Central Time Zone
Alabama: Birmingham
Illinois: Chicago Glen Ellyn
Kansas: Wichita
Michigan: Detroit
Minnesota: Minneapolis St. Paul
Missouri: Bridgeton Independence Kansas City St. Louis
Nebraska: Omaha
Oklahoma: Oklahoma City Tulsa
Tennessee: Memphis Nashville
Texas: Arlington Dallas Fort Worth Houston
Wisconsin: Brookfield Milwaukee
Mountain Time Zone
Arizona: Mesa Phoenix Tucson
Colorado: Aurora Boulder Denver
Pacific Time Zone
California: Alhambra Anaheim El Segundo Long Beach Newport Beach
Oakland Pasadena Pleasanton Sacramento San Francisco
San Jose Sherman Oaks Vernon Walnut Creek
Washington: Bellevue Seattle
STARLINK is a service of Galaxy Telecomm Division, GTC, Inc., the publishers of
BBS Telecomputing News, Galaxy Magazine and other electronic publications.
_______________________________________________________________________________
Suspended Sentences For Computer Break-In February 20, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>From Personal Computing Weekly
"Police Officers Sentenced For Misuse Of Police National Computer"
Three police officers hired by private investigators to break into the Police
National Computer received suspended prison sentences at Winchester Crown
Court. The private investigators also received suspended (prison) sentences,
ranging from four to six months.
The police officers were charged under the Official Secrets Act of conspiring
to obtain confidential information from the Police National Computer at Hendon.
One of the police officers admitted the charge, but the other two and the
private investigators pleaded Not Guilty.
The case arose out of a Television show called "Secret Society" in which
private investigator Stephen Bartlett was recorded telling journalist Duncan
Campbell that he had access to the Police National Computer, the Criminal
Records Office at Scotland Yard and the DHSS (Department of Health & Social
Security).
Bartlett said he could provide information on virtually any person on a few
hours. He said he had the access through certain police officers at
Basingstoke, Hampshire. Although an investigation proved the Basingstoke
connection to be false, the trail led to other police officers and private
detectives elsewhere.
Most of the information gleaned from the computers was used to determine who
owned certain vehicles, who had a good credit record -- or even who had been in
a certain place at a certain time for people investigating marital infidelity.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Of course, the actions for which the officers and others were sentenced, were
not computer break-ins as such, but rather misuse of legitimate access.
_______________________________________________________________________________
Virus Hoax Caused As Much Panic As The Real Thing February 20, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>From Popular Computing Weekly
"A Virus Is Up And Running"
Michael Banbrook gave his college network managers a scare when he planted a
message saying that a virus was active on the college system.
Banbrook's message appeared whenever a user miskeyed a password; the usual
message would be
"You are not an authorized user."
It was replaced by the brief but sinister:
"A Virus is up and running."
When the message was discovered by the college network manager, Banbrook was
immediately forbidden access to any computers at the St. Francix Xavier College
at Clapham in South London.
Banbrook, 17, told "Popular Computing Weekly" that he believed the college
has over-reacted and that he had, in fact thrown a spotlight on the college's
lackluster network security. The college has a 64 node RM Nimbus network
running MS-DOS.
"All any has to do is change a five-line DOS batch file" says Banbrook.
"There is no security at all"
Banbrook admits his motives were not entirely related to enhancing security:
"I was just bored and started doodling and where some people would doodle with
a notepad, I doodle on a keyboard. I never thought anyone would believe the
message."
Banbrook was suspended from computer science A-level classes and forbidden to
use the college computers for a week before it was discovered that no virus
existed. Following a meeting between college principal Bryan Scalune and
Banbrook's parents, things are said to be "back to normal."
_______________________________________________________________________________
Phrack World News -- Quicknotes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For those interested in the 312/708 NPA Split, the correct date for this
division is November 11, 1989. However, permissive dialing will continue until
at least February 9, 1990.
-------------------------------------------------------------------------------
Anyone who is wondering what Robert Morris, Jr. looks like should have a look
at Page 66 in the January 1989 issue of Discover Magazine.
_______________________________________________________________________________